ALB and NLB Config
A detailed overview of the Public ALB's listeners, routing rules, and target groups.
Application Load Balancer (ALB) and Network Load Balancer (NLB) Configuration
This document provides a comprehensive overview of the public-facing Application Load Balancer (ALB) configuration. It covers the listeners that accept incoming traffic, the rules that route requests based on specific conditions, and the target groups that are the final destination for that traffic.
1. ALB Listeners
Listeners are responsible for checking for connection requests to the ALB, based on the configured port and protocol.
Primary Listener: HTTPS Port 443
This is the main listener that handles the majority of secure web traffic. It uses a set of rules based on the Host Header (domain name) and URL Path to route requests to various target groups. The rules are processed in order of priority (lower numbers have higher priority).
| Priority | Name | Conditions (If) | Action (Then) |
|---|---|---|---|
| 1 | webapp | Host header is webapp.solara.io | Forward to dashboard-tg. |
| 5 | backend-ws | Host header is app-api.solara.io AND Path is /ws/* | Forward to backend-socketio-tg. |
| 10 | backend-dashboard | Host header is app-api.solara.io | Forward to backend-clientwebhook-tg. |
| 15 | backend-web | Host header is api.solara.io | Forward to backend-web-tg. |
| 20 | wcs-frontend | Host header is wcs.solara.io | Forward to wcs-tg. |
| 25 | meilisearch | Host header is meilisearch.solara.io | Forward to meilisearch. |
| 30 | marketplace | Host header is marketplace.solara.io | Forward to marketplace-tg. |
| 40 | app-gateway-socketio | Host header is app-gateway.solara.io AND Path is /chat/ai/ws/* | Forward to app-gateway-socketio-tg. Note: Target group stickiness is enabled for 86400 seconds. |
| 45 | app-gateway | Host header is app-gateway.solara.io | Forward to app-gateway-tg. |
| 55 | chat-widget | Host header is chat-widget.solara.io | Forward to chat-widget-tg. |
| Default (Last) | Default | If no other rules match | Return a fixed response: HTTP 503 (Service Unavailable). |
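The priority order matters for the two hosts that have both a path rule and a host-only rule: the path rule must carry the lower number or it never fires. The following sketch is an added example, not part of the platform's own tooling. It models first-match evaluation over the rules in the table and flags any path rule shadowed by an earlier host-only rule. The names `route`, `shadowed` and `DEFAULT_ACTION` are chosen for this example, and `fnmatchcase` is an approximation of the ALB wildcard syntax.

```python
from fnmatch import fnmatchcase

# Port 443 rules transcribed from the table above:
# (priority, host header, path pattern or None, target group)
RULES = [
    (1, "webapp.solara.io", None, "dashboard-tg"),
    (5, "app-api.solara.io", "/ws/*", "backend-socketio-tg"),
    (10, "app-api.solara.io", None, "backend-clientwebhook-tg"),
    (15, "api.solara.io", None, "backend-web-tg"),
    (20, "wcs.solara.io", None, "wcs-tg"),
    (25, "meilisearch.solara.io", None, "meilisearch"),
    (30, "marketplace.solara.io", None, "marketplace-tg"),
    (40, "app-gateway.solara.io", "/chat/ai/ws/*", "app-gateway-socketio-tg"),
    (45, "app-gateway.solara.io", None, "app-gateway-tg"),
    (55, "chat-widget.solara.io", None, "chat-widget-tg"),
]
DEFAULT_ACTION = "fixed-response-503"  # label chosen for this example


def route(host, path, rules=RULES):
    """Return the action of the first rule that matches, lowest priority number first."""
    for _prio, rule_host, pattern, target in sorted(rules, key=lambda r: r[0]):
        if host.lower() != rule_host:  # host conditions are case-insensitive
            continue
        # Path conditions are case-sensitive; fnmatchcase approximates ALB's * and ? wildcards.
        if pattern is None or fnmatchcase(path, pattern):
            return target
    return DEFAULT_ACTION


def shadowed(rules=RULES):
    """Path rules that can never fire because a host-only rule for the same
    host is evaluated before them."""
    return [
        (prio, target)
        for prio, host, pattern, target in rules
        if pattern is not None
        and any(p < prio and h == host and pat is None for p, h, pat, _t in rules)
    ]


if __name__ == "__main__":
    for host, path in [
        ("app-api.solara.io", "/ws/socket.io/"),  # constructed sample requests
        ("app-api.solara.io", "/ws"),             # no trailing slash: misses /ws/*
        ("unknown.solara.io", "/"),
    ]:
        print(f"{host}{path} -> {route(host, path)}")
    print("shadowed rules:", shadowed())
```

Running `shadowed()` against a proposed rule set before applying it catches a reordering that would silently send WebSocket paths to the host-only target group.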
Other Listeners
In addition to port 443, the ALB listens on several other ports with predefined behaviors.
HTTP Port 80
- Action: All traffic arriving on port 80 (HTTP) is permanently redirected (HTTP 301) to https://<host>:443. This enforces that all connections are encrypted over HTTPS.
Other Dedicated HTTPS Ports
These listeners serve specialized backend services and all share a common security policy and SSL certificate.
- Common Security Policy: ELBSecurityPolicy-TLS13-1-2-2021-06
- Default SSL/TLS Certificate: *.solara.io (issued by AWS ACM)
| Listener Port (HTTPS) | Action (Forwards to Target Group) |
|---|---|
| 4000 | backend-web-tg |
| 5000 | backend-clientwebhook-tg |
| 8000 | backend-admin-tg |
| 8888 | backend-socketio-tg |
| 9000 | backend-dashboard-tg |
| 9981 | backend-private-tg |
| 11111 | backend-public-tg |
2. Target Groups
Target Groups (TGs) are used to route requests to one or more registered destinations, such as EC2 instances. All TGs in this configuration share a common base setup.
Common Configuration for All Target Groups
- Target type: Instance
- IP address type: IPv4
- Health check path: /
- Healthy threshold: 5 consecutive successes
- Unhealthy threshold: 2 consecutive failures
- Success codes: 200-499
Important Note: All target groups have two registered instances: onserver-1 and onserver-2.
Detailed Target Group Configurations
The table below lists the specific port and protocol configurations for each individual Target Group.
| Target Group Name | Category | TG Port | Protocol | Health Check Port | Registered Targets Port |
|---|---|---|---|---|---|
| app-gateway-socketio-tg | app-gateway | 9001 | HTTP | 9001 | 9001 |
| app-gateway-tg | app-gateway | 9001 | HTTP | 9001 | 9001 |
| backend-admin-tg | Backend | 8000 | HTTP | 8000 | 8000 |
| backend-clientwebhook-tg | Backend | 5000 | HTTP | 5000 | 5000 |
| backend-dashboard-tg | Backend | 9000 | HTTP | 9000 | 9000 |
| backend-private-tg | Backend | 9981 | HTTP | 9981 | 9981 |
| backend-public-tg | Backend | 11111 | HTTP | 11111 | 11111 |
| backend-socketio-tg | Backend | 8888 | HTTP | 8888 | 8888 |
| backend-web-tg | Backend | 4000 | HTTP | 4000 | 4000 |
| chat-widget-tg | Others | 3050 | HTTP | 3050 | 3050 |
| dashboard-tg | Others | 80 | HTTP | 80 | 80 |
| marketplace-tg | Others | 9982 | HTTP | 9982 | 9982 |
| wcs-tg | Others | 3000 | HTTP | 3000 | 3000 |